More than 200 Spanish cellphones have been selected as possible surveillance targets by a client of NSO Group, an Israeli company that markets spyware called Pegasus, the British newspaper The Guardian reported tuesday. This media added that this customer would be Morocco, according to a data leak which led to a collaborative investigation known as Project Pegasus.
“Mobile number selections allegedly made by Morocco took place in 2019, according to data timestamps, which include over 50,000 numbers of individuals selected as possible surveillance targets by NSO customers around the world” , said the British newspaper citing the leaked database.
One of the numbers belongs to Aminatou Haidar, a prominent human rights activist from Western Sahara who has been targeted by Pegasus since 2018, according to analysis by Amnesty International. Traces of the Pegasus spy program were found on a second phone belonging to Haidar in November 2021. A number belonging to Spanish journalist Ignacio Cembrero, whose work focuses on the Maghreb region of Africa, was also found.
The fact that these phone numbers were selected by a customer believed to be Morocco does not mean that all the numbers were attacked or hacked, according to the British media. But it does indicate that the client appeared to be actively researching possible targets for surveillance in Spain.
The spyware maker, NSO Group, argues that the fact that a number appears on the leaked list does not indicate whether it was monitored with Pegasus. The company defends that its product is intended to fight crime and terrorism, and claims that each time it becomes aware of a possible misuse of Pegasus, it tries to find out if its customer has purchased it for legal purposes or to snoop on politicians’ phones. opponents, activists, journalists and dissidents. A spokesperson for the ONS told EL PAÍS that this type of activity violates the desirable use of these tools.
We don’t know who it could have been, and when we do, we’ll make it public.
Félix Bolaños, Spanish Minister for Prime Minister’s Affairs
Following allegations of political espionage in several European countries in recent years, an EU Board of Inquiry has been appointed to investigate Pegasus, which in theory is only accessible to government agencies. The program can take control of a mobile phone without its owner noticing and, in addition to accessing all its content, it can also transform it into a listening and image capture terminal.
Morocco has previously denied spying on any foreign leader using Pegasus and maintained that journalists investigating NSO were “unable to prove [the country had] any relationship” with NSO, The Guardian reported.
The Pegasus affair took an unexpected turn in Spain on Monday when the government announced that Prime Minister Pedro Sánchez and Defense Minister Margarita Robles had also been targeted by the spyware program. The alleged intrusions occurred in May and June 2021, and Spain’s High Court, the Audiencia Nacional, has opened an investigation into the matter.
These revelations add to allegations of alleged espionage against more than 60 Basque and Catalan separatists, as reported by Citizen Lab, a group of cybersecurity experts from the University of Toronto. Legal proceedings to investigate these allegations are ongoing in the courts of Barcelona.
The judge in charge of investigating the Sánchez and Robles case specified that the hack took place on May 19 and 31, 2021, a time when Spain was caught in a diplomatic row with Morocco. But Félix Bolaños, Spain’s minister for prime minister’s affairs, refused to link the attack to Morocco, instead saying the attack was “external”. “We don’t know who it could have been, and when we do we will make it public. We will wait,” Bolaños stressed in an interview with Cadena SER radio.